﻿using Fast.ConfigureOptions;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

namespace Fast.Extensions.Authentication.JwtBearer
{
    /// <summary>
    /// Jwt验证参数设置
    /// </summary>
    [ConfigureOptions(JsonKey = "JwtParameters")]
    public class JwtParametersOptions : IConfigureOptions<JwtParametersOptions>
    {
        /// <summary>
        /// 签发方密钥
        /// </summary>
        public string IssuerSigningKey { get; set; }

        /// <summary>
        /// 是否验证签发方密钥
        /// </summary>
        public bool? ValidateIssuerSigningKey { get; set; }

        /// <summary>
        /// 签发方
        /// </summary>
        public string ValidIssuer { get; set; }

        /// <summary>
        /// 是否验证签发方
        /// </summary>
        public bool? ValidateIssuer { get; set; }

        /// <summary>
        /// 签收方
        /// </summary>
        public string ValidAudience { get; set; }

        /// <summary>
        /// 是否验证签收方
        /// </summary>
        public bool? ValidateAudience { get; set; }

        /// <summary>
        /// 是否验证Token有效期，使用当前时间与Token的Claims中的NotBefore和Expires对比
        /// </summary>
        public bool? ValidateLifetime { get; set; }

        /// <summary>
        /// 允许的服务器时间偏移量
        /// </summary>
        public long? ClockSkew { get; set; }

        /// <summary>
        /// 过期时间（分钟）
        /// </summary>
        public long? ExpiredTime { get; set; }

        /// <summary>
        /// 是否启用刷新Token
        /// </summary>
        public bool? EnableRefreshToken { get; set; }

        /// <summary>
        /// 刷新Token过期时间（分钟）
        /// </summary>
        public long? RefreshTokenExpiredTime { get; set; }

        /// <summary>
        /// 加密算法
        /// </summary>
        public string Algorithm { get; set; }

        public void PostConfigure(JwtParametersOptions options, IConfiguration configuration)
        {
            options.ValidateIssuerSigningKey ??= true;
            if (options.ValidateIssuerSigningKey == true)
            {
                options.IssuerSigningKey ??= "U2FsdGVkX19nF3OEonk34MSM3jA0zo7dWCjAmtWeVVU=";
            }
            options.ValidateIssuer ??= true;
            if (options.ValidateIssuer.Value)
            {
                options.ValidIssuer ??= "签发方";
            }
            options.ValidateAudience ??= true;
            if (options.ValidateAudience.Value)
            {
                options.ValidAudience ??= "签收方";
            }
            options.ValidateLifetime ??= true;
            if (options.ValidateLifetime.Value)
            {
                options.ClockSkew ??= 10;
            }
            //默认20分钟
            options.ExpiredTime ??= 20;
            //默认加密算法
            options.Algorithm ??= SecurityAlgorithms.HmacSha256;

            options.EnableRefreshToken ??= false;
            if (options.EnableRefreshToken.Value)
            {
                options.RefreshTokenExpiredTime ??= 60;
            }
        }
    }
}
